package com.example.demo.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.EnableAspectJAutoProxy;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

/**
 * Created by hasee
 * on 2019/11/11 9:03
 */

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception{
        http.
                csrf().disable()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .authorizeRequests()
                .antMatchers("/","/user/main","/column/selectColumnList","/resource/recommend",
                        "/user/register","/user/checkuseraccountrepeat", "/user/login","/user/logincheck",
                        "/user/testtoken","/user/center/userInfo")
                .permitAll()
                .antMatchers("/column/selectColumnList","/column/selectColumnInfo","/column/getArticleList")
                .permitAll()
                .antMatchers("/uploadfilecover/**").permitAll()//该行为授权访问静态资源--/uploadfilecover/**  去掉**则无法访问
                .antMatchers("/resource/main").permitAll()
                .antMatchers("/admin/login").permitAll()
                .antMatchers("/user/userlist","/user/backupdateuserinfo","/resource/maintoandroid","/user/changeuserstate").permitAll()
                .anyRequest()
                .authenticated();
//                .and()
//                .formLogin()
//                .loginPage("/user/login")
//                .permitAll()
//                .and()
//                .logout()
//                .permitAll();
    }

}
